Package org.springframework.security.ldap.userdetails

Class LdapAuthority

java.lang.Object

org.springframework.security.ldap.userdetails.LdapAuthority

All Implemented Interfaces:

Serializable, GrantedAuthority

public class LdapAuthority
extends Object
implements GrantedAuthority

An authority that contains at least a DN and a role name for an LDAP entry but can also contain other desired attributes to be fetched during an LDAP authority search.

See Also:

• Serialized Form

Constructor Summary

Constructors

Constructor	Description
LdapAuthority(String role, String dn)	Constructs an LdapAuthority that has a role and a DN but no other attributes
LdapAuthority(String role, String dn, Map<String,List<String>> attributes)	Constructs an LdapAuthority with the given role, DN and other LDAP attributes

Method Summary

Modifier and Type	Method	Description
boolean	equals(Object obj)	Compares the LdapAuthority based on getAuthority() and getDn() values.
Map<String,List<String>>	getAttributes()	Returns the LDAP attributes
List<String>	getAttributeValues(String name)	Returns the values for a specific attribute
String	getAuthority()	If the GrantedAuthority can be represented as a String and that String is sufficient in precision to be relied upon for an access control decision by an AccessDecisionManager (or delegate), this method should return such a String.
String	getDn()	Returns the DN for this LDAP authority
String	getFirstAttributeValue(String name)	Returns the first attribute value for a specified attribute
int	hashCode()
String	toString()

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Constructor Details

LdapAuthority

public LdapAuthority(String role,
 String dn)

Constructs an LdapAuthority that has a role and a DN but no other attributes

Parameters:

role - the principal's role

dn - the distinguished name

LdapAuthority

public LdapAuthority(String role,
 String dn,
 Map<String,List<String>> attributes)

Constructs an LdapAuthority with the given role, DN and other LDAP attributes

Parameters:

role - the principal's role

dn - the distinguished name

attributes - additional LDAP attributes

Method Details

getAttributes

public Map<String,List<String>> getAttributes()

Returns the LDAP attributes

Returns:

the LDAP attributes, map can be null

getDn

public String getDn()

Returns the DN for this LDAP authority

Returns:

the distinguished name

getAttributeValues

public List<String> getAttributeValues(String name)

Returns the values for a specific attribute

Parameters:

name - the attribute name

Returns:

a String array, never null but may be zero length

getFirstAttributeValue

public String getFirstAttributeValue(String name)

Returns the first attribute value for a specified attribute

Parameters:

name - the attribute name

Returns:

the first attribute value for a specified attribute, may be null

getAuthority

public String getAuthority()

Description copied from interface: GrantedAuthority

If the GrantedAuthority can be represented as a String and that String is sufficient in precision to be relied upon for an access control decision by an AccessDecisionManager (or delegate), this method should return such a String.

If the GrantedAuthority cannot be expressed with sufficient precision as a String, null should be returned. Returning null will require an AccessDecisionManager (or delegate) to specifically support the GrantedAuthority implementation, so returning null should be avoided unless actually required.

Specified by:

getAuthority in interface GrantedAuthority

Returns:

a representation of the granted authority (or null if the granted authority cannot be expressed as a String with sufficient precision).

equals

public boolean equals(Object obj)

Compares the LdapAuthority based on getAuthority() and getDn() values.

Overrides:

equals in class Object

hashCode

public int hashCode()

Overrides:

hashCode in class Object

toString

public String toString()

Overrides:

toString in class Object